Updated May 14, 2019

WhatsApp uncovers security flaw, exposing spyware vulnerability

The Whatsapp logo.

Photo: Carsten Rehder/picture alliance via Getty Images

WhatsApp has identified an "advanced security flaw" in its messaging service that allowed hackers to install spyware onto phones, the Facebook-owned company confirmed Monday, as it urged its 1.5 billion users to update the latest app version.

Why matters: The Financial Times first reported the vulnerability was developed by NSO Group. The Israeli security firm has been accused of supplying tools for spying on rights groups and journalists, including the slain Washington Post columnist Jamal Khashoggi. Amnesty International is launching legal action to get NSO Group's export license withdrawn in Israel. NSO Group denies any wrongdoing.

Details: WhatsApp told the BBC its security team first identified the flaw and shared details with rights groups, the Department of Justice and others this month. Phones became infected with sophisticated spyware via a missed in-app call.

The big picture: The company said the issue affected a "select number of users" and the fix was rolled out Friday, per the BBC.

"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems."
ā€” WhatsApp briefing note to journalists.

The other side: NSO Group said in a statement to media outlets the company was investigating the issue. "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies," it said.

Go deeper